LinkedIn Substantiates its Members’ Passwords got Exposed

According to LinkedIn the business social-networking website, it's aware of a security breach against it that compromised the passwords of its users as those passwords were found exposed on an allegedly pilfered list. The company, however, didn't say the way the breach occurred. ZDNet reported this on June 7, 2012.

The incident became evident when an end-user browsing a Russian site, on June 6, 2012, apparently pulled down 6.46m hashed passwords belonging to people, with a few of those passwords being from LinkedIn.

Initially, when the company probed into the issue it declared that no data hack had occurred in spite of reports from LinkedIn users about their knowledge of the passwords' appearance online, nevertheless over time, LinkedIn formally announced that an intrusion did occur into its database.

Meanwhile, cyber-criminals promptly pounced on to capitalize on the news of the alleged infringement through its utilization as bait for duping unwitting end-users into taking down malicious software with which they could extort financial benefit.

Reportedly, before long the hack occurred, members of LinkedIn started getting e-mails, which immediately appeared as being sent from the website. The messages sought confirmation of end-users about their e-mail id via following a given web-link. However, on doing so they were taken onto scam sites like illegitimate pharmacy sites, which sold products such as Viagra.

And while many security researchers substantiated the fraudulent nature of the e-mails they as well substantiated the security infringement.

Security Expert Ange Albertini with Comodo Internet Security tweeted on twitter.com that his LinkedIn password was enlisted online even while it contained wholly arbitrary sixteen characters. Softpedia.com published this on June 6, 2012.

In the meantime, Senior Security Consultant Graham Cluley of Sophos the security company in efforts towards lessening the possible fraudulent electronic mail attacks suggested every LinkedIn member to reset his/her password at the earliest to remain precautious. Theinquirer.net published this on June 6, 2012.

Cluley further said that the new password most certainly should be solely for the LinkedIn website and none other, as also difficult to decode. Essentially, a single password shouldn't be used on multiple sites, he stated in addition.